Lucene search: Broadcom Advanced Secure Gateway

16 matches found

added 2018/04/11 2:0 p.m. | 83 views

CVE-2016-10258

Symantec ASG/ProxySG are affected by CVE-2016-10258 (Unrestricted file upload) in management consoles. A malicious appliance administrator can upload arbitrary files and trick another admin into downloading/executing them. The issue is mitigated by upgrading to specified versions: ProxySG 6.5.10....

CVSS 6.8 | AI score 6.8 | EPSS 0.04936

added 2018/04/11 2:0 p.m. | 70 views

CVE-2017-13677

CVE-2017-13677 is a DoS vulnerability in Symantec ASG and ProxySG management consoles. A remote attacker can send crafted HTTP/HTTPS requests to trigger application crashes, affecting management-console availability. Affected are ASG and ProxySG SGOS versions prior to the specified remediations. ...

CVSS 7.5 | AI score 7.4 | EPSS 0.0523

added 2020/04/09 11:16 p.m. | 65 views

CVE-2019-18375

The vulnerability CVE-2019-18375 affects Broadcom ASG (Advanced Secure Gateway) and ProxySG management consoles. A remote attacker with access to the appliance management interface can hijack an active session and access the management console with the hijacked user’s privileges. Impact is sessio...

CVSS 6.5 | AI score 6.4 | EPSS 0.01231

added 2023/06/01 12:0 a.m. | 65 views

CVE-2023-23952

Affected product: Broadcom Advanced Secure Gateway and Content Analysis. Vulnerable components/versions: ASG and Content Analysis prior to 7.3.13.1 and 3.1.6.0. Root cause: Command injection vulnerability. Impact: high (CVSSv3.1 base 9.8, Confidentiality/Integrity/Availability high). Guidance: up...

CVSS 9.8 | AI score 9.5 | EPSS 0.01351

added 2018/04/11 2:0 p.m. | 62 views

CVE-2017-13678

CVE-2017-13678 is a stored XSS vulnerability affecting Symantec ASG and ProxySG management consoles. A malicious appliance administrator can inject arbitrary JavaScript into the management console web client, with impact limited to the console session as described in the sources. The advisory not...

CVSS 4.8 | AI score 5.7 | EPSS 0.01079

added 2018/05/29 1:0 p.m. | 61 views

CVE-2018-5241

CVE-2018-5241 affects Symantec Advanced Secure Gateway (ASG) and ProxySG. The vulnerability arises when parsing SAML responses: XML nodes with comments are mishandled, allowing a remote attacker to modify a valid SAML response without invalidating its cryptographic signature and bypass authentica...

CVSS 9.8 | AI score 9.5 | EPSS 0.04798

added 2018/01/10 2:0 a.m. | 58 views

CVE-2016-10257

Symantec ProxySG/ASG products are affected by CVE-2016-10257: a reflected XSS in the management console. Affected: ASG 6.6 and ASG 6.7 (before 6.7.2.1); ProxySG 6.5 (before 6.5.10.6), 6.6, and 6.7 (before 6.7.2.1). The flaw allows an attacker to inject arbitrary JavaScript into the management con...

CVSS 6.1 | AI score 6 | EPSS 0.01473

added 2019/08/29 10:13 p.m. | 58 views

CVE-2018-18370

The CVE-2018-18370 issue affects ASG/ProxySG FTP proxy WebFTP mode and is a stored XSS vulnerability in the web listing of remote FTP servers. An attacker must be able to upload crafted files to the remote FTP server to inject malicious JavaScript via an ftp:// URL in a browser. Affected versions ...

CVSS 6.1 | AI score 5.9 | EPSS 0.00772

added 2019/08/29 10:14 p.m. | 57 views

CVE-2018-18371

The CVE-2018-18371 issue affects the ASG/ProxySG FTP proxy WebFTP mode, enabling information disclosure by exposing plaintext credentials stored in the device’s web listing of FTP servers when users access an FTP server via ftp:// in a browser. Affected versions include ASG 6.6 and 6.7 prior to 6...

CVSS 6.5 | AI score 6.4 | EPSS 0.00589

added 2022/07/07 3:48 p.m. | 57 views

CVE-2021-46825

Affected products: Symantec Advanced Secure Gateway (ASG) and ProxySG. Vulnerability: HTTP desync/HTTP desmuggling where a remote, unauthenticated attacker can leverage crafted HTTP requests to cause the proxy to forward a web server’s responses to unintended clients when the attacker and other c...

CVSS 9.1 | AI score 9.1 | EPSS 0.01525

added 2023/06/01 12:0 a.m. | 52 views

CVE-2023-23955

CVE-2023-23955 affects Broadcom’s Advanced Secure Gateway and Content Analysis: versions prior to 7.3.13.1 and 3.1.6.0 are susceptible to a Server-Side Request Forgery (SSRF) vulnerability. The available connected documents confirm the product family and vulnerable version ranges, with remediatio...

CVSS 8.1 | AI score 8 | EPSS 0.00474

added 2017/05/11 2:1 p.m. | 51 views

CVE-2016-9097

The CVE-2016-9097 issue affects Symantec ProxySG and Advanced Secure Gateway (ASG) management consoles. Root cause: improper user authorization allowing a read-only administrator to access read-write functionality. Affected versions and fixes are documented: ASG 6.6 prior to 6.6.5.8 requires upgr...

CVSS 8 | AI score 6.9 | EPSS 0.02353

added 2017/05/11 2:1 p.m. | 50 views

CVE-2016-9099

CVE-2016-9099 is an open redirect vulnerability affecting Symantec ASG/ProxySG: ASG 6.6, ASG 6.7 before 6.7.2.1, ProxySG 6.5 before 6.5.10.6, ProxySG 6.6, and ProxySG 6.7 before 6.7.2.1. An attacker can use a crafted management console URL in a phishing scenario to redirect users to a malicious s...

CVSS 6.1 | AI score 6.3 | EPSS 0.01826

added 2017/05/11 2:1 p.m. | 49 views

CVE-2016-9100

The CVE-2016-9100 entry affects Symantec ASG/ProxySG: ASG 6.6 before 6.6.5.13, ASG 6.7 before 6.7.3.1, ProxySG 6.5 before 6.5.10.6, ProxySG 6.6 before 6.6.5.13, and ProxySG 6.7 before 6.7.3.1 are vulnerable to information disclosure. An attacker with local access to the client host of an authenti...

CVSS 7.8 | AI score 7.2 | EPSS 0.00429

added 2023/06/01 12:0 a.m. | 49 views

CVE-2023-23954

Broadcom Advanced Secure Gateway (ASG) and Content Analysis are affected by CVE-2023-23954, a Stored Cross‑Site Scripting vulnerability in ASG prior to v7.3.13.1 and Content Analysis prior to v3.1.6.0. The description indicates a stored XSS issue but provides no exploitation details. Rationale an...

CVSS 5.4 | AI score 5.2 | EPSS 0.00341

added 2023/06/01 12:0 a.m. | 45 views

CVE-2023-23953

The CVE-2023-23953 entry applies to Broadcom Advanced Secure Gateway (ASG) and Content Analysis, affected before 7.3.13.1 and 3.1.6.0. The root cause is an Elevation of Privilege vulnerability reported across multiple sources. Impact is described as potential privilege escalation on affected appl...

CVSS 7.8 | AI score 7.6 | EPSS 0.00189